Engage Customers and Make Secure Payments with Retail POS Tablet Enclosures
Secure Payments Over Mixed Communication Media
-
Upload
jonathan-leblanc -
Category
Technology
-
view
412 -
download
1
Transcript of Secure Payments Over Mixed Communication Media
Secure Payments over Mixed Communication Media !
Jonathan LeBlanc !Twitter: @jcleblanc !Book: http://bit.ly/iddatasecurity!
• Building an identification backbone !!• Creating middle-tier transmission security !!• Privileged information security!
Identification Backbone !
Browser Fingerprinting !https://panopticlick.eff.org/ !
Device Fingerprinting !
//------------- !//Build Info: http://developer.android.com/reference/android/os/Build.html !//------------- !!System.getProperty("os.version"); //os version !android.os.Build.DEVICE //device !android.os.Build.MODEL //model !android.os.Build.VERSION.SDK_INT //sdk version of the framework !android.os.Build.SERIAL //hardware serial number, if available !
Retrieving Build Information for Android Device !
Getting Paired Devices !
//fetch all bonded bluetooth devices !Set<BluetoothDevice> pairedDevices = mBluetoothAdapter.getBondedDevices(); !!//if devices found, fetch name and MAC address for each !if (pairedDevices.size() > 0){ ! for (BluetoothDevice device : pairedDevices){ ! //Device Name - device.getName() ! //Device MAC address - device.getAddress() ! } !} !
Get all Bluetooth Paired Devices: Android!
Middle-Tier Data Security !
Asynchronous Cryptography: Securing Data Through Transmission !
Multi-User Environment !
var fs = require('fs'); !var path = require('path'); !var ursa = require('ursa'); !var mkdirp = require('mkdirp'); !!//make direction and generate private / public keys for sender / receiver !var rootpath = './keys'; !makekeys(rootpath, 'sender'); !makekeys(rootpath, 'receiver'); !
Package Instantiation and Directory Creation!
function makekeys(rootpath, subpath){ ! try { ! mkdirp.sync(path.join(rootpath, subpath)); ! } catch (err) { ! console.error(err); ! } ! ! var key = ursa.generatePrivateKey(); ! var privatepem = key.toPrivatePem(); ! var publicpem = key.toPublicPem() ! ! try { ! fs.writeFileSync(path.join(rootpath, subpath, 'private.pem'), privatepem, 'ascii'); ! fs.writeFileSync(path.join(rootpath, subpath, 'public.pem'), publicpem, 'ascii'); ! } catch (err) { ! console.error(err); ! } !} !
Key and Directory Creation!
//generate required keys!var senderprivkey = ursa.createPrivateKey( ! fs.readFileSync(path.join(rootpath, 'sender', 'private.pem'))); !var recipientpubkey = ursa.createPublicKey( ! fs.readFileSync(path.join(rootpath, 'receiver', 'public.pem')));!!//prepare JSON message to send !var msg = { 'user':'Nikola Tesla', ! 'address':'W 40th St, New York, NY 10018', ! 'state':'active' }; ! !msg = JSON.stringify(msg); !!//encrypt with recipient public key, and sign with sender private key !var encrypted = recipientpubkey.encrypt(msg, 'utf8', 'base64'); !var signed = senderprivkey.hashAndSign('sha256', encrypted, 'utf8', 'base64'); !
Preparing Message, Encrypting, and Signing!
//generate required keys!var senderpubkey = ursa.createPublicKey( ! fs.readFileSync(path.join(rootpath, 'sender', 'public.pem'))); !var recipientprivkey = ursa.createPrivateKey( ! fs.readFileSync(path.join(rootpath, 'receiver', 'private.pem'))); !!//verify message with sender private key !bufferedmsg = new Buffer(encrypted); !if (!senderpubkey.hashAndVerify('sha256', bufferedmsg, signed, 'base64')){ ! throw new Error("invalid signature"); !} else { ! //decrypt message with recipient private key ! var decryptedmsg = recipientprivkey.decrypt(encrypted, 'base64', 'utf8'); !! //-------- ! //message verified and decrypted ! //-------- !} !!
Decrypting, and Verifying Message!
Secure Data Triggers !
Tokenization !
Credit Card Tokenization!
Credit Card Information !Address Information !
Card Holder Name !
... !
7e29c5c48f44755598dec3549155ad66f1af4671091353be4c4d7694d71dc866
Triggering from Secure Source !
Thank You! !!Slides: http://slideshare.net/jcleblanc!
Jonathan LeBlanc !Twitter: @jcleblanc !Book: http://bit.ly/iddatasecurity!